Configuring Secure Shell (SSH)

Steps for Configuring and Using SSH for Switch and Client Authentication

B. Switch Preparation

1.Assign a login (Operator) and enable (Manager) password on the switch (page 6-10).

2.Generate a public/private key pair on the switch (page 6-10).

You need to do this only once. The key remains in the switch even if you reset the switch to its factory-default configuration. (You can remove or replace this key pair, if necessary.)

3.Copy the switch’s public key to the SSH clients you want to access the switch (page 6-13).

4.Enable SSH on the switch (page 6-15).

5.Configure the primary and secondary authentication methods you want the switch to use. In all cases, the switch will use its host-public- key to authenticate itself when initiating an SSH session with a client.

SSH Login (Operator) options:

Option A:

Primary: Local, TACACS+, or RADIUS password

Secondary: Local password or none. If the primary option is local, the secondary option must be none.

– Option B:

Primary: Client public-key authentication (login public- key — page 6-24)

Secondary: none

Note that if you want the switch to perform client public-key authentication, you must configure the switch with Option B.

• SSH Enable (Manager) options:

Primary: Local, TACACS+, or RADIUS

Secondary: Local password or none. If the primary option is local, the secondary option must be none.

6.Use your SSH client to access the switch using the switch’s IP address or DNS name (if allowed by your SSH client application). Refer to the documentation provided with the client application.

6-7